Security Basics mailing list archives

RE: Removing ping/icmp from a network


From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Thu, 27 Mar 2008 08:50:05 +1000

I think the important thing here is where Strykar says 'supposedly secure'.
What are the risks that you can see on that network? Are there enough risks
to tip it past the 'trusted' point?
Granted, 'trusted' is just a label, and not a metric as such here.
I know the word has a meaning in the 'inside of the perimeter and not the
DMZ' sense but what else does it mean to people?

Scott Ramsdell said:
Even on my trusted LAN, I only allow echo request/echo reply.

Which made me wonder, is that a 'trusted' LAN then? Different networks have
different needs and different risks to address. 
When does it stop being trusted? Because it's outside a firewall? Behind a
router? Because I don't know the people using the clients on the LAN? What
does everyone else think? 
Obviously I don't trust some of my users not to mistakenly or purposefully
access risky websites or services - otherwise I wouldn't have controls in
place to mitigate that. But they are on my 'trusted' LAN.
So trusted seems a fuzzy concept here; a human word for a human situation.

Personally, I'd find it very difficult to do my job without Mike Muuss'
awesome little program, ping. So blocking ICMP is not going to happen on the
inside...of my, uh, trusted LAN.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Strykar
Sent: Wednesday, March 26, 2008 10:30 AM
To: security-basics () securityfocus com
Subject: RE: Removing ping/icmp from a network

You don't discourage ICMP on a network, that's uninformed Jim the farmer
cum Sysad talk.


- S

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Secure This
Sent: Tuesday, March 25, 2008 10:00 PM
To: security-basics () securityfocus com
Subject: Removing ping/icmp from a network

I have a variety of clients with data centres who all make use of
icmp/ping to monitor their servers/appliances/devices (often with poorly
configured snmp versions 1 and 2).

Could anybody kindly advise me of tools and strategies for minimising or
removing the use of icmp/ping on a supposedly secure network?

Thanks in advance

